Malware Analysis Report

2025-08-10 16:32

Sample ID 250417-x5ql3s1rz4
Target JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6
SHA256 395f67fccccbea1c99cb243f2ff7994bfc211a19b3e3b583be219265b060d828
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

395f67fccccbea1c99cb243f2ff7994bfc211a19b3e3b583be219265b060d828

Threat Level: Known bad

The file JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Modifies WinLogon for persistence

Pykspa

Pykspa family

UAC bypass

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Checks computer location settings

Hijack Execution Flow: Executable Installer File Permissions Weakness

Adds Run key to start application

Looks up external IP address via web service

Checks whether UAC is enabled

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

System policy modification

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-17 19:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-17 19:26

Reported

2025-04-17 19:29

Platform

win10v2004-20250410-en

Max time kernel

43s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "wtfdsnifyjhvniqhila.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "vpytfxpjzhcncuzn.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "vpytfxpjzhcncuzn.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "cxhdqjcxoxtfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "cxhdqjcxoxtfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "vpytfxpjzhcncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "vpytfxpjzhcncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "vpytfxpjzhcncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "vpytfxpjzhcncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "cxhdqjcxoxtfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "wtfdsnifyjhvniqhila.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtsdfn = "cxhdqjcxoxtfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\wtfdsnifyjhvniqhila.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\cxhdqjcxoxtfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\wtfdsnifyjhvniqhila.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\cxhdqjcxoxtfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\cxhdqjcxoxtfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\cxhdqjcxoxtfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\wtfdsnifyjhvniqhila.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\cxhdqjcxoxtfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\wtfdsnifyjhvniqhila.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\wtfdsnifyjhvniqhila.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\wtfdsnifyjhvniqhila.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vpytfxpjzhcncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\cxhdqjcxoxtfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
N/A N/A C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
N/A N/A C:\Windows\vpytfxpjzhcncuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
N/A N/A C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
N/A N/A C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
N/A N/A C:\Windows\wtfdsnifyjhvniqhila.exe N/A
N/A N/A C:\Windows\wtfdsnifyjhvniqhila.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\vpytfxpjzhcncuzn.exe N/A
N/A N/A C:\Windows\cxhdqjcxoxtfvouji.exe N/A
N/A N/A C:\Windows\cxhdqjcxoxtfvouji.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
N/A N/A C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
N/A N/A C:\Windows\cxhdqjcxoxtfvouji.exe N/A
N/A N/A C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
N/A N/A C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
N/A N/A C:\Windows\vpytfxpjzhcncuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\vpytfxpjzhcncuzn.exe N/A
N/A N/A C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
N/A N/A C:\Windows\vpytfxpjzhcncuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\wtfdsnifyjhvniqhila.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe N/A
N/A N/A C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
N/A N/A C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\cxhdqjcxoxtfvouji.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmbhtftdf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmbhtftdf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "cxhdqjcxoxtfvouji.exe ." C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "vpytfxpjzhcncuzn.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe ." C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "wtfdsnifyjhvniqhila.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxylpzjv = "lhspdxrnfpmzqkrhhj.exe ." C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "cxhdqjcxoxtfvouji.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxylpzjv = "yxllczwvqddtnkunqvmlz.exe ." C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "wtfdsnifyjhvniqhila.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxylpzjv = "jhutjfbztfetmirjlpfd.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmbhtftdf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhdqjcxoxtfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "jhutjfbztfetmirjlpfd.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpytfxpjzhcncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "cxhdqjcxoxtfvouji.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "wtfdsnifyjhvniqhila.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "vpytfxpjzhcncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "wtfdsnifyjhvniqhila.exe ." C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmbhtftdf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhspdxrnfpmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprfkvgtc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "jhutjfbztfetmirjlpfd.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmbhtftdf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "yxllczwvqddtnkunqvmlz.exe ." C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxud = "cxhdqjcxoxtfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmbhtftdf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "cxhdqjcxoxtfvouji.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfdsnifyjhvniqhila.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxud = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhfpq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhutjfbztfetmirjlpfd.exe ." C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "vpytfxpjzhcncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhtwfo = "yxllczwvqddtnkunqvmlz.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.showmyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\yhfpqxenspzzdkehujktrbcjqze.llp C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\SysWOW64\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File created C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Program Files (x86)\vpytfxpjzhcncuznllxravhzrlbjepewbpnnzt.xjb C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File created C:\Program Files (x86)\vpytfxpjzhcncuznllxravhzrlbjepewbpnnzt.xjb C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vpytfxpjzhcncuznllxravhzrlbjepewbpnnzt.xjb C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File created C:\Windows\vpytfxpjzhcncuznllxravhzrlbjepewbpnnzt.xjb C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ppefxvttpdevqoztxdvvkl.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
File opened for modification C:\Windows\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\cxhdqjcxoxtfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\yxllczwvqddtnkunqvmlz.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\lhspdxrnfpmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wtfdsnifyjhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cxhdqjcxoxtfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cxhdqjcxoxtfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cxhdqjcxoxtfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cxhdqjcxoxtfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lhspdxrnfpmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lhspdxrnfpmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vpytfxpjzhcncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wtfdsnifyjhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wtfdsnifyjhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wtfdsnifyjhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cxhdqjcxoxtfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wtfdsnifyjhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vpytfxpjzhcncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jhutjfbztfetmirjlpfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vpytfxpjzhcncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yxllczwvqddtnkunqvmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vpytfxpjzhcncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cxhdqjcxoxtfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wtfdsnifyjhvniqhila.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 432 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 432 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 432 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 2952 wrote to memory of 1724 N/A C:\Windows\system32\cmd.exe C:\Windows\jhutjfbztfetmirjlpfd.exe
PID 2952 wrote to memory of 1724 N/A C:\Windows\system32\cmd.exe C:\Windows\jhutjfbztfetmirjlpfd.exe
PID 2952 wrote to memory of 1724 N/A C:\Windows\system32\cmd.exe C:\Windows\jhutjfbztfetmirjlpfd.exe
PID 4696 wrote to memory of 4428 N/A C:\Windows\system32\cmd.exe C:\Windows\jhutjfbztfetmirjlpfd.exe
PID 4696 wrote to memory of 4428 N/A C:\Windows\system32\cmd.exe C:\Windows\jhutjfbztfetmirjlpfd.exe
PID 4696 wrote to memory of 4428 N/A C:\Windows\system32\cmd.exe C:\Windows\jhutjfbztfetmirjlpfd.exe
PID 4428 wrote to memory of 836 N/A C:\Windows\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4428 wrote to memory of 836 N/A C:\Windows\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4428 wrote to memory of 836 N/A C:\Windows\jhutjfbztfetmirjlpfd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4452 wrote to memory of 1220 N/A C:\Windows\system32\cmd.exe C:\Windows\jhutjfbztfetmirjlpfd.exe
PID 4452 wrote to memory of 1220 N/A C:\Windows\system32\cmd.exe C:\Windows\jhutjfbztfetmirjlpfd.exe
PID 4452 wrote to memory of 1220 N/A C:\Windows\system32\cmd.exe C:\Windows\jhutjfbztfetmirjlpfd.exe
PID 4032 wrote to memory of 760 N/A C:\Windows\system32\cmd.exe C:\Windows\vpytfxpjzhcncuzn.exe
PID 4032 wrote to memory of 760 N/A C:\Windows\system32\cmd.exe C:\Windows\vpytfxpjzhcncuzn.exe
PID 4032 wrote to memory of 760 N/A C:\Windows\system32\cmd.exe C:\Windows\vpytfxpjzhcncuzn.exe
PID 3092 wrote to memory of 3068 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
PID 3092 wrote to memory of 3068 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
PID 3092 wrote to memory of 3068 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe
PID 760 wrote to memory of 1508 N/A C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 760 wrote to memory of 1508 N/A C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 760 wrote to memory of 1508 N/A C:\Windows\vpytfxpjzhcncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 5108 wrote to memory of 1944 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
PID 5108 wrote to memory of 1944 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
PID 5108 wrote to memory of 1944 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
PID 1944 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1944 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1944 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1680 wrote to memory of 1836 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 1680 wrote to memory of 1836 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 1680 wrote to memory of 1836 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 4504 wrote to memory of 3628 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
PID 4504 wrote to memory of 3628 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
PID 4504 wrote to memory of 3628 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
PID 3628 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 3628 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 3628 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4128 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe
PID 4128 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe
PID 4128 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe
PID 4128 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe
PID 4128 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe
PID 4128 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe
PID 2596 wrote to memory of 5032 N/A C:\Windows\system32\cmd.exe C:\Windows\yxllczwvqddtnkunqvmlz.exe
PID 2596 wrote to memory of 5032 N/A C:\Windows\system32\cmd.exe C:\Windows\yxllczwvqddtnkunqvmlz.exe
PID 2596 wrote to memory of 5032 N/A C:\Windows\system32\cmd.exe C:\Windows\yxllczwvqddtnkunqvmlz.exe
PID 4584 wrote to memory of 4496 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 4584 wrote to memory of 4496 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 4584 wrote to memory of 4496 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 1064 wrote to memory of 1620 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
PID 1064 wrote to memory of 1620 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
PID 1064 wrote to memory of 1620 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe
PID 2976 wrote to memory of 3048 N/A C:\Windows\system32\cmd.exe C:\Windows\wtfdsnifyjhvniqhila.exe
PID 2976 wrote to memory of 3048 N/A C:\Windows\system32\cmd.exe C:\Windows\wtfdsnifyjhvniqhila.exe
PID 2976 wrote to memory of 3048 N/A C:\Windows\system32\cmd.exe C:\Windows\wtfdsnifyjhvniqhila.exe
PID 1620 wrote to memory of 552 N/A C:\Windows\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1620 wrote to memory of 552 N/A C:\Windows\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1620 wrote to memory of 552 N/A C:\Windows\wtfdsnifyjhvniqhila.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 3048 wrote to memory of 2828 N/A C:\Windows\wtfdsnifyjhvniqhila.exe C:\Windows\System32\Conhost.exe
PID 3048 wrote to memory of 2828 N/A C:\Windows\wtfdsnifyjhvniqhila.exe C:\Windows\System32\Conhost.exe
PID 3048 wrote to memory of 2828 N/A C:\Windows\wtfdsnifyjhvniqhila.exe C:\Windows\System32\Conhost.exe
PID 1664 wrote to memory of 1856 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bad3aa8bfd42552d828c35c8202f43f6.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe

"C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe" "-C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe

"C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe" "-C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wtfdsnifyjhvniqhila.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wtfdsnifyjhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wtfdsnifyjhvniqhila.exe*."

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe

C:\Windows\wtfdsnifyjhvniqhila.exe

wtfdsnifyjhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe .

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lhspdxrnfpmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jhutjfbztfetmirjlpfd.exe*."

C:\Windows\jhutjfbztfetmirjlpfd.exe

jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Windows\yxllczwvqddtnkunqvmlz.exe

yxllczwvqddtnkunqvmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Windows\lhspdxrnfpmzqkrhhj.exe

lhspdxrnfpmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\yxllczwvqddtnkunqvmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vpytfxpjzhcncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfdsnifyjhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Windows\vpytfxpjzhcncuzn.exe

vpytfxpjzhcncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe

C:\Windows\cxhdqjcxoxtfvouji.exe

cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vpytfxpjzhcncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxllczwvqddtnkunqvmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpytfxpjzhcncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Users\Admin\AppData\Local\Temp\cxhdqjcxoxtfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhutjfbztfetmirjlpfd.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\cxhdqjcxoxtfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\jhutjfbztfetmirjlpfd.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\lhspdxrnfpmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jhutjfbztfetmirjlpfd.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\cxhdqjcxoxtfvouji.exe*."

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.youtube.com udp
NL 173.194.79.91:80 www.youtube.com tcp
BG 79.100.45.122:16793 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 detuuqh.org udp
US 8.8.8.8:53 rjxwvfmmloj.net udp
US 8.8.8.8:53 lrjacuwrec.info udp
US 8.8.8.8:53 cyhijmkwvkn.net udp
US 8.8.8.8:53 byzbre.net udp
US 8.8.8.8:53 ffpuodyw.net udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
LT 87.239.87.221:29262 tcp
BG 77.77.3.145:36703 tcp
RU 109.165.72.202:30637 tcp
US 8.8.8.8:53 qvvguqwy.net udp
US 8.8.8.8:53 tqqmldigvvrm.net udp
US 8.8.8.8:53 hhlinqxejwm.info udp
US 8.8.8.8:53 ggkeuoeimsys.org udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 kwhomglks.net udp
US 8.8.8.8:53 jbdxqcybnkfv.net udp
US 8.8.8.8:53 dqpomu.net udp
US 8.8.8.8:53 qcefnd.net udp
US 8.8.8.8:53 kuomoskuyqaw.com udp
US 8.8.8.8:53 xkcihwt.info udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 gqtsrutbi.net udp
US 8.8.8.8:53 snqcldmibk.net udp
US 8.8.8.8:53 tszzpm.net udp
US 8.8.8.8:53 qscwfvpmj.info udp
US 8.8.8.8:53 uvcyeklkwum.info udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 kzjqjtbeoat.net udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 hmtoakcrr.info udp
US 8.8.8.8:53 hvcutxbsd.net udp
US 8.8.8.8:53 ljlwikvy.net udp
US 8.8.8.8:53 qdlueiesmgdm.info udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 sxgjpwnofw.info udp
US 8.8.8.8:53 ywyiok.com udp
US 8.8.8.8:53 aprrqbrgfo.net udp
US 8.8.8.8:53 xltjikzrnbiv.info udp
US 8.8.8.8:53 kcikiif.net udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 dukqpwc.net udp
US 8.8.8.8:53 uwskqcucgeae.org udp
BG 79.132.7.223:26281 tcp
US 8.8.8.8:53 pwhivbmuxm.net udp
US 8.8.8.8:53 qqyonvx.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 pxaqhlvf.info udp
US 8.8.8.8:53 ooqmwieg.com udp
US 8.8.8.8:53 billlykfirwu.info udp
US 8.8.8.8:53 rzoygmqiagj.info udp
US 8.8.8.8:53 dqhsaodihvjl.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 mkiucyae.com udp
US 8.8.8.8:53 inemtyoik.info udp
US 8.8.8.8:53 bburnktebyz.info udp
US 8.8.8.8:53 ootwgsd.info udp
US 8.8.8.8:53 akymec.org udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 kqhvlaugrww.net udp
US 8.8.8.8:53 naladfnaojom.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 uewafwvofqr.net udp
US 8.8.8.8:53 pqnnrqc.info udp
US 8.8.8.8:53 uevzujipdr.info udp
US 8.8.8.8:53 hihkjf.info udp
US 8.8.8.8:53 yekukswukw.org udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 fgunse.net udp
US 8.8.8.8:53 agcacqwmeacc.com udp
US 8.8.8.8:53 cugeucem.com udp
US 8.8.8.8:53 sibcnuvoakm.info udp
US 8.8.8.8:53 goqsmekciamo.org udp
US 8.8.8.8:53 ggdgkkaed.net udp
US 8.8.8.8:53 igijeycxxkk.info udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 przcykr.org udp
US 8.8.8.8:53 quwimm.org udp
US 8.8.8.8:53 nszfcnvfga.net udp
US 8.8.8.8:53 mgwyuomsog.org udp
US 8.8.8.8:53 wpevavgpvfsr.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 dgxycwogi.net udp
US 8.8.8.8:53 carixf.net udp
US 8.8.8.8:53 lihipchan.net udp
US 8.8.8.8:53 uwmslwnyxgf.info udp
US 8.8.8.8:53 sekuolepqh.info udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 xuzkxux.org udp
US 8.8.8.8:53 gpyccbuoncou.net udp
US 8.8.8.8:53 gtpvpc.info udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 weymbph.net udp
NL 173.194.69.94:80 c.pki.goog tcp
US 8.8.8.8:53 tkzcae.info udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 tcrmrfipd.com udp
US 8.8.8.8:53 akfdfmvwa.net udp
US 8.8.8.8:53 bwychid.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 mhggkwhmb.info udp
US 8.8.8.8:53 jkzghqo.info udp
US 8.8.8.8:53 wgdfkfka.info udp
US 8.8.8.8:53 cnuwna.net udp
US 8.8.8.8:53 zclmvyqah.com udp
US 8.8.8.8:53 souabqs.net udp
US 8.8.8.8:53 amfqrrz.net udp
US 8.8.8.8:53 fbvltosyp.net udp
US 8.8.8.8:53 lyxmnybibg.info udp
BG 85.130.98.94:29528 tcp
US 8.8.8.8:53 ucfsjxe.net udp
US 8.8.8.8:53 kmaeiocsskqm.com udp
US 8.8.8.8:53 ogkekbm.net udp
US 8.8.8.8:53 lyzefe.info udp
US 8.8.8.8:53 saqanjt.info udp
US 8.8.8.8:53 fkqizmxnir.info udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 iodiwolya.net udp
US 8.8.8.8:53 nupfbooi.net udp
US 8.8.8.8:53 cqqqoy.com udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 yqvquelp.info udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 kyolaqhttyrg.info udp
US 8.8.8.8:53 lbdimib.org udp
US 8.8.8.8:53 qwomamyiks.org udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 hutqhda.info udp
US 8.8.8.8:53 awtgncpwdlk.info udp
US 8.8.8.8:53 wihltvtnb.info udp
US 8.8.8.8:53 guppwdc.net udp
US 8.8.8.8:53 aluexu.info udp
US 8.8.8.8:53 bwdxfsygfuh.info udp
US 8.8.8.8:53 bldofskov.com udp
US 8.8.8.8:53 suoycxzyvmxp.net udp
US 8.8.8.8:53 cplxird.info udp
BG 93.155.147.247:43855 tcp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 jcoanpvcvvo.com udp
US 8.8.8.8:53 baptqjdo.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 fopgxpaecr.net udp
US 8.8.8.8:53 ijpdptcadxoj.info udp
US 8.8.8.8:53 cghwxt.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 hkdavivwtch.net udp
US 8.8.8.8:53 uoyjrxw.net udp
US 8.8.8.8:53 qkesja.info udp
US 8.8.8.8:53 fqtifgu.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 rhulahwnvary.net udp
US 8.8.8.8:53 ytfyepta.info udp
US 8.8.8.8:53 wqioqcsciu.org udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 flrosx.info udp
US 8.8.8.8:53 tznlxz.net udp
US 8.8.8.8:53 ftkslr.info udp
US 8.8.8.8:53 phiezkhxdu.info udp
US 8.8.8.8:53 oarcxgnyt.info udp
US 8.8.8.8:53 rszkipwwdwpt.info udp
BG 95.42.121.150:38992 tcp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 cyooug.org udp
US 8.8.8.8:53 lsbmfep.net udp
US 8.8.8.8:53 rrpmox.info udp
US 8.8.8.8:53 xqwodajmdx.net udp
US 8.8.8.8:53 bclizwt.org udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 veppoi.net udp
US 8.8.8.8:53 vgogwut.com udp
US 8.8.8.8:53 wazblhhxoq.net udp
US 8.8.8.8:53 yavcdinavym.info udp
US 8.8.8.8:53 weookeomeuee.org udp
US 8.8.8.8:53 cmyubgz.net udp
US 8.8.8.8:53 gzbpdojmiphe.info udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 mqmqekowuyye.com udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 soxwvft.net udp
US 8.8.8.8:53 bbnakkn.com udp
US 8.8.8.8:53 xyhjstljxe.info udp
US 8.8.8.8:53 zulskgb.net udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 pgvffkj.org udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 suvohrj.net udp
US 8.8.8.8:53 tppgqgwlpzeq.net udp
US 8.8.8.8:53 oiwezgjpuxf.net udp
US 8.8.8.8:53 qeuutywuscv.net udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 psieeafcv.org udp
US 8.8.8.8:53 pmlfklz.info udp
US 88.216.18.28:28446 tcp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 pexlzxjcbx.net udp
US 8.8.8.8:53 nlzqiqtgp.info udp
US 8.8.8.8:53 bctuhmd.net udp
US 8.8.8.8:53 xxquxqig.info udp
US 8.8.8.8:53 yfqfpnztoxwv.info udp
US 8.8.8.8:53 rlcaqtjxn.org udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 xcjzueqrllgo.net udp
US 8.8.8.8:53 omccywoaku.org udp
US 8.8.8.8:53 hrjitwegdkv.com udp
US 8.8.8.8:53 arppzkmmrl.net udp
US 8.8.8.8:53 qqdzztokd.info udp
US 8.8.8.8:53 agkuowysmswg.org udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 hkbkoek.info udp
US 8.8.8.8:53 pmoogx.info udp
US 8.8.8.8:53 ngjstb.info udp
US 8.8.8.8:53 copivz.info udp
US 8.8.8.8:53 aygooswwiqsu.org udp
US 8.8.8.8:53 wspcry.info udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 yuesusyg.org udp
US 8.8.8.8:53 otjvbwwefeho.net udp
US 8.8.8.8:53 cyumqccaee.com udp
US 8.8.8.8:53 fljbfrbtshgk.net udp
US 8.8.8.8:53 jtuyaihbdt.info udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 pcmhayqbo.com udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 fqnnwhnr.net udp
US 8.8.8.8:53 tzzkqyxqz.com udp
US 8.8.8.8:53 riwxreh.com udp
US 8.8.8.8:53 vqjxaaxs.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 pzhkukrbdlhw.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 nfdrew.info udp
US 8.8.8.8:53 lypsnjvdz.info udp
US 8.8.8.8:53 vmpdfhauxe.info udp
US 8.8.8.8:53 ajjpwophf.net udp
US 8.8.8.8:53 mdqjhkdomv.info udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 pmdzyeveudma.info udp
BG 212.75.19.125:39027 tcp
US 8.8.8.8:53 lfnoredc.info udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 lizzpdnwj.info udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 vkueqobg.net udp
US 8.8.8.8:53 volbvovv.info udp
US 8.8.8.8:53 kupcxmpgb.net udp
US 8.8.8.8:53 jkjerwwiu.net udp
US 8.8.8.8:53 eyeqbekc.info udp
US 8.8.8.8:53 nwtwdgd.net udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 yeaehszetla.info udp
US 8.8.8.8:53 dkjxdlyr.net udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 elixqyege.net udp
US 8.8.8.8:53 nkcguckxgm.net udp
US 8.8.8.8:53 vebqddj.net udp
US 8.8.8.8:53 brzxrzokre.info udp
US 8.8.8.8:53 qycooauamgkq.com udp
US 8.8.8.8:53 aiwmqyoeaq.org udp
US 8.8.8.8:53 okoqguyeaqsm.org udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 lxdsvonj.info udp
US 8.8.8.8:53 ccqgsg.org udp
US 8.8.8.8:53 fyhcouhsdje.com udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 iqmktwxcv.net udp
US 8.8.8.8:53 bcesjz.net udp
US 8.8.8.8:53 puaqbshsmsu.info udp
US 8.8.8.8:53 isdmqwn.info udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 btaylqe.net udp
US 8.8.8.8:53 ydhydipwe.net udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 vwsqskcuszjg.info udp
US 8.8.8.8:53 sociouuiieku.org udp
US 8.8.8.8:53 ococwc.com udp
US 8.8.8.8:53 mvtjdm.net udp
US 8.8.8.8:53 byvhdu.net udp
US 8.8.8.8:53 wuvylbxd.net udp
US 8.8.8.8:53 xjnhhaldac.net udp
US 8.8.8.8:53 rfyzqvxq.info udp
US 8.8.8.8:53 gaqkygwq.org udp
ES 79.116.184.123:13399 tcp
US 8.8.8.8:53 cqbexrvwvar.net udp
US 8.8.8.8:53 lpiyvvfrngx.com udp
US 8.8.8.8:53 ouwjpwd.net udp
US 8.8.8.8:53 cjhzmj.net udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 kyagwswe.org udp
US 8.8.8.8:53 gkdyligxn.net udp
US 8.8.8.8:53 vcekrzma.net udp
US 8.8.8.8:53 hzfisydtac.net udp
US 8.8.8.8:53 gcqowmwskw.org udp
US 8.8.8.8:53 tyechxkip.net udp
US 8.8.8.8:53 qcfwyobyswu.info udp
US 8.8.8.8:53 oidodxtwswct.info udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 pqhvrgd.org udp
US 8.8.8.8:53 swegnosgwz.net udp
US 8.8.8.8:53 bmospulyl.org udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 gkkgckcycm.com udp
US 8.8.8.8:53 xshutkx.net udp
US 8.8.8.8:53 ixzzrixpmqsq.info udp
US 8.8.8.8:53 jksykdd.com udp
US 8.8.8.8:53 gbkqmyielmd.net udp
US 8.8.8.8:53 bdvvsjdl.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 eoezdb.net udp
US 8.8.8.8:53 hxgrdpm.info udp
US 8.8.8.8:53 gebeoqildwl.net udp
US 8.8.8.8:53 tzbzxqnnrd.info udp
US 8.8.8.8:53 ezdhnefp.info udp
US 8.8.8.8:53 ycggmssmvrf.net udp
US 8.8.8.8:53 hdoiscnaii.net udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 oqvrlsb.info udp
US 8.8.8.8:53 flbeewlil.info udp
US 8.8.8.8:53 zkhidfqrrkh.com udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 qpttpgigjh.net udp
US 8.8.8.8:53 rglmrwgr.net udp
US 8.8.8.8:53 cptqnujiv.info udp
US 8.8.8.8:53 cunzzsfay.info udp
US 8.8.8.8:53 oydcvapezglx.info udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 qmzxfv.info udp
US 8.8.8.8:53 kupqvcbokgx.info udp
US 8.8.8.8:53 igbnznvj.net udp
US 8.8.8.8:53 vqryfrsen.org udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 azxknakvts.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 ckkwgcsk.com udp
US 8.8.8.8:53 cijrvhnwmen.net udp
US 8.8.8.8:53 llnhsvyvmsjo.info udp
US 8.8.8.8:53 oksywseq.com udp
US 8.8.8.8:53 wzjmrobem.net udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 hqmdvk.net udp
US 8.8.8.8:53 pizyxbfml.com udp
US 8.8.8.8:53 rprbiojh.info udp
US 8.8.8.8:53 raxvlgucm.info udp
US 8.8.8.8:53 eogouocqiqcy.org udp
US 8.8.8.8:53 tcpbkuj.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 zupozbuyzc.info udp
US 8.8.8.8:53 fljqrqzil.org udp
US 8.8.8.8:53 cbpwoix.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 xtrnbgrnsns.info udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 qodnzirciqss.net udp
US 8.8.8.8:53 syxdtrtrobky.info udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 rppwyefwfjxp.net udp
US 8.8.8.8:53 vujpluryrytu.net udp
US 8.8.8.8:53 kijpuszykgyc.net udp
LT 78.57.185.245:13035 tcp
US 8.8.8.8:53 bwtbrciotmkl.net udp
US 8.8.8.8:53 lksakezug.com udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 casucogiqsma.com udp
US 8.8.8.8:53 motrotee.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 cqvqym.net udp
US 8.8.8.8:53 uapgincf.info udp
US 8.8.8.8:53 edlseww.net udp
US 8.8.8.8:53 yrhglc.info udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 njgctdffsq.info udp
US 8.8.8.8:53 qolchahsp.info udp
US 8.8.8.8:53 fhldzawwtzj.org udp
US 8.8.8.8:53 ernehhjkks.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 zcpodcx.com udp
US 8.8.8.8:53 ofhethwi.info udp
US 8.8.8.8:53 ggxhdaklt.net udp
US 8.8.8.8:53 qzzcfouwmbqd.net udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 wkgmbuz.info udp
US 8.8.8.8:53 zbleezv.info udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 cagqicuskuyi.org udp
US 8.8.8.8:53 urredvxxwsm.info udp
US 8.8.8.8:53 ogjcfug.net udp
US 8.8.8.8:53 sfcwlwr.net udp
US 8.8.8.8:53 tkjokbyoxlv.org udp
US 8.8.8.8:53 dktizmgfn.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 lmzlkmt.org udp
US 8.8.8.8:53 dshyudqln.info udp
US 8.8.8.8:53 tfljbyun.net udp
US 8.8.8.8:53 vlgxccluan.net udp
US 8.8.8.8:53 cqyfdmlhgpla.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 ocfjydrxf.info udp
US 8.8.8.8:53 birxqewzma.info udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 zmbvzpwrxatd.net udp
US 8.8.8.8:53 wsyelgbqlzh.net udp
US 8.8.8.8:53 ddxghgl.org udp
US 8.8.8.8:53 sqyieggqoy.org udp
US 8.8.8.8:53 qsemsecseuqy.com udp
US 8.8.8.8:53 oesobnowdot.net udp
US 8.8.8.8:53 omgommbnjsx.info udp
US 8.8.8.8:53 vxubdlgw.info udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 pfrlvq.net udp
US 8.8.8.8:53 karyrsdkv.net udp
US 8.8.8.8:53 togiytqvxo.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 hkxcttgiv.info udp
US 8.8.8.8:53 pcvyjavzm.net udp
US 8.8.8.8:53 byvsfw.info udp
US 8.8.8.8:53 yiikac.com udp
US 8.8.8.8:53 putkrobes.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 kqboduj.net udp
MD 95.153.98.116:37089 tcp
US 8.8.8.8:53 kqeesyyegiqy.org udp
US 8.8.8.8:53 bxawzc.net udp
US 8.8.8.8:53 cokwaossewus.org udp
US 8.8.8.8:53 iyiusqii.com udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 yzvuwpd.info udp
US 8.8.8.8:53 teybpyfil.net udp
US 8.8.8.8:53 tiqywtur.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 aloukfplgexl.info udp
US 8.8.8.8:53 tcpicwzse.net udp
US 8.8.8.8:53 ilfkhurwrcu.info udp
US 8.8.8.8:53 kxrlfpdyrsn.info udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 bbebhywzhp.info udp
US 8.8.8.8:53 uwewokkkao.com udp
US 8.8.8.8:53 ybdxxpjz.net udp
US 8.8.8.8:53 bskyxfxcvx.info udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 yywgyyiomioa.org udp
US 8.8.8.8:53 qsmcqkuy.org udp
US 8.8.8.8:53 cgqysyyycooa.com udp
US 8.8.8.8:53 sgrptsiotd.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 bubengz.org udp
BG 213.214.73.99:33325 tcp
US 8.8.8.8:53 kwnjyk.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 ybvbbomur.net udp
US 8.8.8.8:53 raonpbn.com udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 vkformz.org udp
US 8.8.8.8:53 ycaqma.info udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 cqkdpulihwv.net udp
US 8.8.8.8:53 qkpahbpwkohq.net udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 gztnchhmn.info udp
US 8.8.8.8:53 lwokfznop.net udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 rvwmedlpng.net udp
US 8.8.8.8:53 abzmrur.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 guaicuseig.com udp
BG 151.252.195.88:28108 tcp
US 8.8.8.8:53 wijayyfmvwp.info udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 ccdlanznha.info udp
US 8.8.8.8:53 xvxshcnh.info udp
US 8.8.8.8:53 bvewfg.info udp
US 8.8.8.8:53 ejfqvexqvaz.net udp
US 8.8.8.8:53 rxvtluqezlfu.info udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 neopaj.net udp
US 8.8.8.8:53 wmypdahtb.info udp
US 8.8.8.8:53 mlldatlb.info udp
US 8.8.8.8:53 vcnqbqj.com udp
US 8.8.8.8:53 dbtktxwheu.info udp
US 8.8.8.8:53 pitcatmjnwbw.net udp
US 8.8.8.8:53 qiikcu.com udp
US 8.8.8.8:53 zrlebnrwhvjr.info udp
US 8.8.8.8:53 frhaphb.org udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 rydxdjt.com udp
US 8.8.8.8:53 jkaclwtsb.org udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 iutjjvxez.info udp
US 8.8.8.8:53 shhelgbyjuh.info udp
US 8.8.8.8:53 cpfyjqzd.net udp
US 8.8.8.8:53 kwukgwsk.com udp
US 8.8.8.8:53 xmvyhuzej.net udp
US 8.8.8.8:53 fzrgbhzd.net udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 pmbszbxetsu.net udp
US 8.8.8.8:53 pdosssrvyq.info udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 vquxweyer.net udp
BG 109.199.143.142:22090 tcp
US 8.8.8.8:53 teliagm.net udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 vtpvzvyr.net udp
US 8.8.8.8:53 glwzncdjh.info udp
US 8.8.8.8:53 vfcvslibyr.info udp
US 8.8.8.8:53 yxtajncqyh.net udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 ukxhtwnlp.info udp
US 8.8.8.8:53 bdjiqacqitd.com udp
US 8.8.8.8:53 rpkhucjyjspv.net udp
US 8.8.8.8:53 ydyofq.info udp
US 8.8.8.8:53 ooioxax.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 tstivv.net udp
US 8.8.8.8:53 nnfseh.info udp
US 8.8.8.8:53 kfbytknb.info udp
US 8.8.8.8:53 tngambyjl.com udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 xapkosvswcc.info udp
US 8.8.8.8:53 arnimu.info udp
US 8.8.8.8:53 ctkipoxh.info udp
US 8.8.8.8:53 jspyhddg.info udp
US 8.8.8.8:53 qqtynwr.info udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 tkhgpiicd.info udp
US 8.8.8.8:53 cmtuzie.info udp
US 8.8.8.8:53 dengxfrwxu.info udp
US 8.8.8.8:53 hunimbzohgb.org udp
US 8.8.8.8:53 xiydxik.com udp
US 8.8.8.8:53 zshnjlaoxzju.net udp
US 8.8.8.8:53 dmtqahrupfa.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 hmvucwy.info udp
US 8.8.8.8:53 nmrmhfg.com udp
BG 46.10.166.119:35540 tcp
US 8.8.8.8:53 wshejppov.info udp
US 8.8.8.8:53 pwclvhkpxs.info udp
US 8.8.8.8:53 usicsmssoc.org udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 xtyfxsdfxufx.net udp
US 8.8.8.8:53 hujwdm.info udp
US 8.8.8.8:53 lziwcdgkyknr.net udp
US 8.8.8.8:53 wqnnrirwb.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 dyvjmt.net udp
US 8.8.8.8:53 kzdnojsn.info udp
US 8.8.8.8:53 rugencdg.net udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 qweejur.info udp
US 8.8.8.8:53 ncdknip.net udp
US 8.8.8.8:53 ociaagii.com udp
US 8.8.8.8:53 xglqwgp.net udp
US 8.8.8.8:53 qgvvvu.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 ueeyqq.org udp
US 8.8.8.8:53 indafalddzkq.net udp
US 8.8.8.8:53 gxforcnsesz.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 eapimys.info udp
US 8.8.8.8:53 wqyfvumvbc.info udp
US 8.8.8.8:53 tmarfexmj.info udp
US 8.8.8.8:53 jcyxvlfeh.info udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 ekfhnapvvq.net udp
US 8.8.8.8:53 aiyqkoqu.com udp
US 8.8.8.8:53 pkzpzdxg.info udp
US 8.8.8.8:53 dmrhnwbn.info udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 fkginjzudyn.com udp
US 8.8.8.8:53 lpdcrf.net udp
US 8.8.8.8:53 uylylcygr.net udp
US 8.8.8.8:53 mpzehrha.info udp
US 8.8.8.8:53 amvzinfdpif.net udp
US 8.8.8.8:53 owfkew.info udp
US 8.8.8.8:53 apqefktc.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 yyyoykcckiey.org udp
US 8.8.8.8:53 bktgmtvjwdp.org udp
US 8.8.8.8:53 xtesyey.org udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 hirugivrcvk.info udp
US 8.8.8.8:53 nlfmnuipisot.info udp
US 8.8.8.8:53 ogwcgeoo.com udp
US 8.8.8.8:53 svumqehfhuhv.net udp
US 8.8.8.8:53 mqcwpgd.net udp
US 8.8.8.8:53 gikckgciiu.org udp
BG 46.237.97.135:13081 tcp
US 8.8.8.8:53 javxohqgzbfd.info udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 uytwawzc.info udp
US 8.8.8.8:53 lurgxqw.net udp
US 8.8.8.8:53 wdgdbextgsho.net udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 smqgio.org udp
US 8.8.8.8:53 ocmwddbf.net udp
US 8.8.8.8:53 uxhdce.net udp
US 8.8.8.8:53 brxpsabpfo.info udp
US 8.8.8.8:53 szpvet.net udp
US 8.8.8.8:53 lnoibcb.net udp
US 8.8.8.8:53 prqqjtdt.info udp
US 8.8.8.8:53 hqnxzcrham.info udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 yiosqu.com udp
US 8.8.8.8:53 mqfbpujxnxt.net udp
US 8.8.8.8:53 xrkrou.net udp
US 8.8.8.8:53 kszbzats.net udp
US 8.8.8.8:53 oroqjojtbbfj.info udp
US 8.8.8.8:53 ouhbpaxowd.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 ohrufoh.net udp
US 8.8.8.8:53 osxjpskd.info udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 bvzvppdlyb.info udp
US 8.8.8.8:53 gtazjkbyrcjc.net udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 yylkvpptlo.info udp
US 8.8.8.8:53 eaeame.org udp
US 8.8.8.8:53 tjizle.info udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
LT 78.58.58.132:27706 tcp
US 8.8.8.8:53 oashxx.info udp
US 8.8.8.8:53 rypinkujvsh.net udp
US 8.8.8.8:53 hwclyifovyw.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 ayshuy.info udp
US 8.8.8.8:53 gehivkikbww.info udp
US 8.8.8.8:53 evqvyqznbs.info udp
US 8.8.8.8:53 lqnblqcibsy.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 cscgmmwmas.org udp
US 8.8.8.8:53 xiuxioldgwuf.info udp
US 8.8.8.8:53 uucaoiauuyys.com udp
US 8.8.8.8:53 aazjaeqqkun.net udp
US 8.8.8.8:53 ostbaefw.info udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 dxlypnr.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 agsmgg.org udp
US 8.8.8.8:53 woawvtpkpyh.net udp
US 8.8.8.8:53 hewmikl.info udp
US 8.8.8.8:53 vsosruqrjzox.net udp
US 8.8.8.8:53 kyfhtkndoc.net udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 hvahse.net udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 bzndqwue.info udp
US 8.8.8.8:53 emiggyauyuki.org udp
US 8.8.8.8:53 ztaybpovfv.net udp
US 8.8.8.8:53 hmrillnldccx.info udp
US 8.8.8.8:53 wngdyu.info udp
US 8.8.8.8:53 ujfjhnly.info udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 vorsvulswmce.info udp
US 8.8.8.8:53 rtctdafrtt.info udp
US 8.8.8.8:53 btlzhd.net udp
US 8.8.8.8:53 qseyioyqau.com udp
US 8.8.8.8:53 amgqrzncbkwo.net udp
US 8.8.8.8:53 suwaqomqye.com udp
US 8.8.8.8:53 nogykqskujfb.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 ivhcjwzxop.net udp
US 8.8.8.8:53 bavneaoeve.net udp
US 8.8.8.8:53 lmskkud.net udp
US 8.8.8.8:53 hexhmh.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 jjoajilixl.net udp
US 8.8.8.8:53 ojrszqyplj.net udp
US 8.8.8.8:53 oixgnbrn.info udp
US 8.8.8.8:53 elpifj.info udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 ohqebyiw.net udp
US 8.8.8.8:53 aycdgmiaup.net udp
US 8.8.8.8:53 nlatpmzwnof.net udp
US 8.8.8.8:53 uokxdqpa.net udp
US 8.8.8.8:53 hzfzowhc.net udp
US 8.8.8.8:53 owgmcwl.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 amtmskhhpat.net udp
US 8.8.8.8:53 cusculql.info udp
US 8.8.8.8:53 jjqtpeerkb.net udp
MD 109.185.142.42:35815 tcp
US 8.8.8.8:53 awditowad.info udp
US 8.8.8.8:53 mgdyrkson.net udp
US 8.8.8.8:53 bkbouhrwjtik.net udp
US 8.8.8.8:53 ksrydraoogck.info udp
US 8.8.8.8:53 vcmwlyrgs.net udp
US 8.8.8.8:53 djanychncjor.net udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 yafppj.net udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 fetidsj.org udp
US 8.8.8.8:53 flhwfgxermks.net udp
US 8.8.8.8:53 uobgrch.net udp
US 8.8.8.8:53 npitjyniz.com udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 nmtatczonat.info udp
US 8.8.8.8:53 yhhkzehxb.net udp

Files

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

MD5 edc443a01eae017b205529f71d9bbd75
SHA1 028522b9b5ed1d14bb20955e4b2cb2b2f340037e
SHA256 0e90aa289f66161994bf43ee96474fb76e2638e3645f4634e45c181131ef4541
SHA512 7404166be1675f8a96d0f7886f41bba267e456d298227a93d6c0e79e77dc27bc8c5f66cfde14322f3cb1dfb5645b78c475fa7e92cbd95e48516be21adc6b8913

C:\Windows\SysWOW64\lhspdxrnfpmzqkrhhj.exe

MD5 bad3aa8bfd42552d828c35c8202f43f6
SHA1 8e4baedd28bfa1b0cad3643a3dee24449a0a1df9
SHA256 395f67fccccbea1c99cb243f2ff7994bfc211a19b3e3b583be219265b060d828
SHA512 ec58caa9b81e0f590f38b2592fab525b2f1efd3ab7fe89009dfc6bf8cf35c713d487f2ae9038175545261e3071901ec82699e302b07159de0543727c8a430421

C:\Users\Admin\AppData\Local\Temp\jtsdfn.exe

MD5 e92f9595f72b20c9d968f9bf2a9690eb
SHA1 46262e2f27699229b28f6e37ecad434a713335eb
SHA256 b958879dba42160566a237c89fc577c9e50f08bb8d8928706cee249c00fe663a
SHA512 12208838475338c614951e466db0b94ba78c38d92e2ae02ae70e18ebbc39a76401decb30b109d6c56175112bdcefe3d9fca6b8a0c0f177d44af30d200d5c0914

C:\Users\Admin\AppData\Local\yhfpqxenspzzdkehujktrbcjqze.llp

MD5 a753c7ab968fc71dbbd9004d96da3a05
SHA1 c8c59d8f42312dd5a7895ee4d1b2af58ddd4cd3a
SHA256 00452d65c02da6181ff0ddc28adb5700717c930e4945b36ec26e14b7951b4605
SHA512 47e3923e9c79e207dc6aa76d018907acec6101e5c5b728d0a0ad57428ea000eb8ee6ed27d27876ce8bf0591688b17bbeae5dd866167f9c2efcf932dbfb2d87ca

C:\Users\Admin\AppData\Local\vpytfxpjzhcncuznllxravhzrlbjepewbpnnzt.xjb

MD5 805ad68345efdb7a9aaa4e078ac70dc8
SHA1 df8e62eb2fcfb29a101840473271f0f0d547aa0d
SHA256 41728293d0271a6fa4fd4c8594df7ea2e642431a4228cacb93933adb426e498c
SHA512 a6edaf119b9f4472226e5eea628b00908779b3ae3faead4845debc790ea162140c7c59518ff32438019186cc082db174b1aa2d2ece80dd5c0f5b0ac82f3f431f

C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp

MD5 21600d07ef36416b4a45d352784349cb
SHA1 f89ac7afe8754d3960312ac0211fa2a8df196887
SHA256 c2195d329deaaa73fa9160b9d5b35c1048d51a23d1055e9e793d3abb95bccbe6
SHA512 29ebf1392461e6c564a101d835b6ac202bbefe9221af21c4bf54b469def30535496457128f1e1950070b40ab8234c2da01d0f865b70ddbfd109ea1c05b479585

C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp

MD5 75c0ef275bdb91630194f2a43ad71dc5
SHA1 9a30ae72d596f26a8755d4666b3221cdacbb493f
SHA256 b6421523d3586a0aad947f398406995ba7e4227cc34d7f550062387a489a58bb
SHA512 324f32ead5154d8d6f11c36af8da3446e6b7988f0488c346ce139844dbf5d0f6c95d5fc8be9e9bc37aa59070cc1534081878b6b2c7c412c683909b9a14acb092

C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp

MD5 d5ffbef2279801c8cd8c6dd6f343bec1
SHA1 5b1b2cbc8fcc2fcc3882eb173b0ced764c6c338a
SHA256 bfba5f0a197ac704828e034e8f8c825fd9338aa036f9bbe4f512ca030d8b433d
SHA512 9612493fc46fee9fe07401219949718cc9d61f09fb398abdad106b1034209217aea1c0a5020314c84edcc53506dbf28783bbf1e7db49884c4a7dfd44969c8a3b

C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp

MD5 ab638622cb533da9fe836b1458140cf8
SHA1 cb198cdc7234b5ab06c157110746c9e152f686b6
SHA256 76fb48e6e47343bc5a030b7fa77d196648fb3ca012e059a7b84e0f0f84cde30e
SHA512 58219f36b4d9d44e981e9893f28998db62b883082578662153ac0d6e15ae95606af11f9f4a2d57aaeac37c0672cb4e95596a750b42d18c14c6eb9e371953423d

C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp

MD5 b22c0e6ca59117185c120924c7dcd2f1
SHA1 3ea95f391b7ac752e47095ff6c004569d54fcdfe
SHA256 4edfec49c3842d76627b78bc5e838a7399f9d44c2ef2ba50412afdc2e765b7ca
SHA512 9c5586500936fb010512f76c978b6ba068855ae35af13deb3e3472e5d3b659dbf048e3ad3cb71bd34df69d34cd4ad42eba7856ae8e853c6202bed841b8de0133

C:\Program Files (x86)\yhfpqxenspzzdkehujktrbcjqze.llp

MD5 662a2990918ae049abe259e844e7bcc8
SHA1 49f893412f2405b3784e00d22ef232d81049a673
SHA256 3ff1d090c1f1dd16a068e529133c461a79240333f8d30d0cdc78da37bbd82153
SHA512 2d76275597a17819b30db0b4c30f1b1687bd1cb1c8d9a17c4a33fa70038a2c51965e9634f4f69788cd8223f1a7ff631581ae56eaa51f161191178c28c7307da1

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-17 19:26

Reported

2025-04-17 19:29

Platform

win11-20250410-en

Max time kernel

40s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "anbsewqazientjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "dvokbyxmqeftezhzyzrjc.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mjn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crnphytuldftezhzyzqfb.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "dvokbyxmqeftezhzyzrjc.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "bricrmjwykjvexdtqpf.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "qfvocwsefqozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "qfvocwsefqozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mjn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zjaxkwmiuhentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "qfvocwsefqozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvokbyxmqeftezhzyzrjc.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nnuhkm = "grjhvizwjxvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "anbsewqazientjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "bricrmjwykjvexdtqpf.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "ofxsiecqtggtdxevttkb.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "bricrmjwykjvexdtqpf.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "anbsewqazientjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvokbyxmqeftezhzyzrjc.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nnuhkm = "anhhxmfetjjvexdtqpe.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "ofxsiecqtggtdxevttkb.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "dvokbyxmqeftezhzyzrjc.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "dvokbyxmqeftezhzyzrjc.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "anbsewqazientjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "ofxsiecqtggtdxevttkb.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvokbyxmqeftezhzyzrjc.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "dvokbyxmqeftezhzyzrjc.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "hvkcpidooyvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sdpeoewebicjnb = "hvkcpidooyvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vdmyfshmgkb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\hvkcpidooyvfmdhvq.exe N/A
N/A N/A C:\Windows\ofxsiecqtggtdxevttkb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\anbsewqazientjmz.exe N/A
N/A N/A C:\Windows\hvkcpidooyvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
N/A N/A C:\Windows\dvokbyxmqeftezhzyzrjc.exe N/A
N/A N/A C:\Windows\dvokbyxmqeftezhzyzrjc.exe N/A
N/A N/A C:\Windows\bricrmjwykjvexdtqpf.exe N/A
N/A N/A C:\Windows\anbsewqazientjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\dvokbyxmqeftezhzyzrjc.exe N/A
N/A N/A C:\Windows\ofxsiecqtggtdxevttkb.exe N/A
N/A N/A C:\Windows\dvokbyxmqeftezhzyzrjc.exe N/A
N/A N/A C:\Windows\hvkcpidooyvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\anbsewqazientjmz.exe N/A
N/A N/A C:\Windows\anbsewqazientjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\qfvocwsefqozhzetpn.exe N/A
N/A N/A C:\Windows\hvkcpidooyvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\dvokbyxmqeftezhzyzrjc.exe N/A
N/A N/A C:\Windows\anbsewqazientjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\qfvocwsefqozhzetpn.exe N/A
N/A N/A C:\Windows\qfvocwsefqozhzetpn.exe N/A
N/A N/A C:\Windows\anbsewqazientjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\hvkcpidooyvfmdhvq.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "anbsewqazientjmz.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\vhukvmfomupxcrt = "ofxsiecqtggtdxevttkb.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvokbyxmqeftezhzyzrjc.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe ." C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\vhukvmfomupxcrt = "ofxsiecqtggtdxevttkb.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "ofxsiecqtggtdxevttkb.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "hvkcpidooyvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\vhukvmfomupxcrt = "dvokbyxmqeftezhzyzrjc.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe ." C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "bricrmjwykjvexdtqpf.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvokbyxmqeftezhzyzrjc.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe ." C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "anbsewqazientjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "anbsewqazientjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "bricrmjwykjvexdtqpf.exe ." C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cbhtv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbwxoeyyofgtdxevttjx.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "qfvocwsefqozhzetpn.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "qfvocwsefqozhzetpn.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "dvokbyxmqeftezhzyzrjc.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe ." C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "anbsewqazientjmz.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\trwh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crnphytuldftezhzyzqfb.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvokbyxmqeftezhzyzrjc.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "bricrmjwykjvexdtqpf.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "dvokbyxmqeftezhzyzrjc.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\vhukvmfomupxcrt = "hvkcpidooyvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\vhukvmfomupxcrt = "hvkcpidooyvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "dvokbyxmqeftezhzyzrjc.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "ofxsiecqtggtdxevttkb.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "anbsewqazientjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\anbsewqazientjmz.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe ." C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "hvkcpidooyvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "bricrmjwykjvexdtqpf.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\trwh = "anhhxmfetjjvexdtqpe.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "dvokbyxmqeftezhzyzrjc.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hvkcpidooyvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "bricrmjwykjvexdtqpf.exe ." C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\vhukvmfomupxcrt = "qfvocwsefqozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "anbsewqazientjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\anbsewqazientjmz = "hvkcpidooyvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sblygukqlqin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bricrmjwykjvexdtqpf.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfvocwsefqozhzetpn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qfvocwsefqozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rbmajypwsyrxa = "ofxsiecqtggtdxevttkb.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hvkcpidooyvfmdhvq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ofxsiecqtggtdxevttkb.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\SysWOW64\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\SysWOW64\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\SysWOW64\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File created C:\Windows\SysWOW64\vhukvmfomupxcrtfytfreufwpywezhmbdpidp.oep C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\SysWOW64\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\vhukvmfomupxcrtfytfreufwpywezhmbdpidp.oep C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File created C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Program Files (x86)\vhukvmfomupxcrtfytfreufwpywezhmbdpidp.oep C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File created C:\Program Files (x86)\vhukvmfomupxcrtfytfreufwpywezhmbdpidp.oep C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File created C:\Windows\uvxcciqobyifzduvdnoprwwcki.scz C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\vhukvmfomupxcrtfytfreufwpywezhmbdpidp.oep C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\unhewuukpegvhdmffhatnk.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
File opened for modification C:\Windows\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\bricrmjwykjvexdtqpf.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\anbsewqazientjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\qfvocwsefqozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\dvokbyxmqeftezhzyzrjc.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nbwxoeyyofgtdxevttjx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qfvocwsefqozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\anbsewqazientjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hvkcpidooyvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\anbsewqazientjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\anbsewqazientjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\anbsewqazientjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bricrmjwykjvexdtqpf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pbutiwomapozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pbutiwomapozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\anbsewqazientjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dvokbyxmqeftezhzyzrjc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ofxsiecqtggtdxevttkb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dvokbyxmqeftezhzyzrjc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bricrmjwykjvexdtqpf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hvkcpidooyvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dvokbyxmqeftezhzyzrjc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hvkcpidooyvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\crnphytuldftezhzyzqfb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bricrmjwykjvexdtqpf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hvkcpidooyvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\crnphytuldftezhzyzqfb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qfvocwsefqozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zjaxkwmiuhentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qfvocwsefqozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hvkcpidooyvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ofxsiecqtggtdxevttkb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dvokbyxmqeftezhzyzrjc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dvokbyxmqeftezhzyzrjc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\anbsewqazientjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dvokbyxmqeftezhzyzrjc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hvkcpidooyvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\anhhxmfetjjvexdtqpe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\anbsewqazientjmz.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4700 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4700 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4700 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1544 wrote to memory of 2760 N/A C:\Windows\system32\cmd.exe C:\Windows\hvkcpidooyvfmdhvq.exe
PID 1544 wrote to memory of 2760 N/A C:\Windows\system32\cmd.exe C:\Windows\hvkcpidooyvfmdhvq.exe
PID 1544 wrote to memory of 2760 N/A C:\Windows\system32\cmd.exe C:\Windows\hvkcpidooyvfmdhvq.exe
PID 4804 wrote to memory of 4824 N/A C:\Windows\system32\cmd.exe C:\Windows\ofxsiecqtggtdxevttkb.exe
PID 4804 wrote to memory of 4824 N/A C:\Windows\system32\cmd.exe C:\Windows\ofxsiecqtggtdxevttkb.exe
PID 4804 wrote to memory of 4824 N/A C:\Windows\system32\cmd.exe C:\Windows\ofxsiecqtggtdxevttkb.exe
PID 4824 wrote to memory of 5068 N/A C:\Windows\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4824 wrote to memory of 5068 N/A C:\Windows\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4824 wrote to memory of 5068 N/A C:\Windows\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4368 wrote to memory of 2660 N/A C:\Windows\system32\cmd.exe C:\Windows\anbsewqazientjmz.exe
PID 4368 wrote to memory of 2660 N/A C:\Windows\system32\cmd.exe C:\Windows\anbsewqazientjmz.exe
PID 4368 wrote to memory of 2660 N/A C:\Windows\system32\cmd.exe C:\Windows\anbsewqazientjmz.exe
PID 5016 wrote to memory of 4484 N/A C:\Windows\system32\cmd.exe C:\Windows\hvkcpidooyvfmdhvq.exe
PID 5016 wrote to memory of 4484 N/A C:\Windows\system32\cmd.exe C:\Windows\hvkcpidooyvfmdhvq.exe
PID 5016 wrote to memory of 4484 N/A C:\Windows\system32\cmd.exe C:\Windows\hvkcpidooyvfmdhvq.exe
PID 4484 wrote to memory of 5052 N/A C:\Windows\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4484 wrote to memory of 5052 N/A C:\Windows\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4484 wrote to memory of 5052 N/A C:\Windows\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4396 wrote to memory of 3028 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
PID 4396 wrote to memory of 3028 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
PID 4396 wrote to memory of 3028 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
PID 716 wrote to memory of 3972 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
PID 716 wrote to memory of 3972 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
PID 716 wrote to memory of 3972 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe
PID 3972 wrote to memory of 4020 N/A C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 3972 wrote to memory of 4020 N/A C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 3972 wrote to memory of 4020 N/A C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 3396 wrote to memory of 2620 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
PID 3396 wrote to memory of 2620 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
PID 3396 wrote to memory of 2620 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe
PID 4596 wrote to memory of 5736 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
PID 4596 wrote to memory of 5736 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
PID 4596 wrote to memory of 5736 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe
PID 5736 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5736 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5736 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4664 wrote to memory of 5304 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe
PID 4664 wrote to memory of 5304 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe
PID 4664 wrote to memory of 5304 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe
PID 4664 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe
PID 4664 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe
PID 4664 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\dfiop.exe
PID 224 wrote to memory of 2604 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 224 wrote to memory of 2604 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 224 wrote to memory of 2604 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5716 wrote to memory of 3452 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
PID 5716 wrote to memory of 3452 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
PID 5716 wrote to memory of 3452 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\cbhtv.exe
PID 5896 wrote to memory of 4740 N/A C:\Windows\system32\cmd.exe C:\Windows\bricrmjwykjvexdtqpf.exe
PID 5896 wrote to memory of 4740 N/A C:\Windows\system32\cmd.exe C:\Windows\bricrmjwykjvexdtqpf.exe
PID 5896 wrote to memory of 4740 N/A C:\Windows\system32\cmd.exe C:\Windows\bricrmjwykjvexdtqpf.exe
PID 1356 wrote to memory of 1228 N/A C:\Windows\system32\cmd.exe C:\Windows\anbsewqazientjmz.exe
PID 1356 wrote to memory of 1228 N/A C:\Windows\system32\cmd.exe C:\Windows\anbsewqazientjmz.exe
PID 1356 wrote to memory of 1228 N/A C:\Windows\system32\cmd.exe C:\Windows\anbsewqazientjmz.exe
PID 4740 wrote to memory of 1936 N/A C:\Windows\bricrmjwykjvexdtqpf.exe C:\Windows\pbutiwomapozhzetpn.exe
PID 4740 wrote to memory of 1936 N/A C:\Windows\bricrmjwykjvexdtqpf.exe C:\Windows\pbutiwomapozhzetpn.exe
PID 4740 wrote to memory of 1936 N/A C:\Windows\bricrmjwykjvexdtqpf.exe C:\Windows\pbutiwomapozhzetpn.exe
PID 1228 wrote to memory of 5848 N/A C:\Windows\anbsewqazientjmz.exe C:\Windows\system32\cmd.exe
PID 1228 wrote to memory of 5848 N/A C:\Windows\anbsewqazientjmz.exe C:\Windows\system32\cmd.exe
PID 1228 wrote to memory of 5848 N/A C:\Windows\anbsewqazientjmz.exe C:\Windows\system32\cmd.exe
PID 3884 wrote to memory of 2784 N/A C:\Windows\system32\cmd.exe C:\Windows\dvokbyxmqeftezhzyzrjc.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\dfiop.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bad3aa8bfd42552d828c35c8202f43f6.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bad3aa8bfd42552d828c35c8202f43f6.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\dfiop.exe

"C:\Users\Admin\AppData\Local\Temp\dfiop.exe" "-C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe"

C:\Users\Admin\AppData\Local\Temp\dfiop.exe

"C:\Users\Admin\AppData\Local\Temp\dfiop.exe" "-C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\qfvocwsefqozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zjaxkwmiuhentjmz.exe

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\zjaxkwmiuhentjmz.exe

zjaxkwmiuhentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crnphytuldftezhzyzqfb.exe .

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Windows\crnphytuldftezhzyzqfb.exe

crnphytuldftezhzyzqfb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\crnphytuldftezhzyzqfb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pbutiwomapozhzetpn.exe .

C:\Windows\anhhxmfetjjvexdtqpe.exe

anhhxmfetjjvexdtqpe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Windows\pbutiwomapozhzetpn.exe

pbutiwomapozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe .

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\pbutiwomapozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe

C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\crnphytuldftezhzyzqfb.exe*."

C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe

C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe

C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe

C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\nbwxoeyyofgtdxevttjx.exe*."

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\anhhxmfetjjvexdtqpe.exe

anhhxmfetjjvexdtqpe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pbutiwomapozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\pbutiwomapozhzetpn.exe

pbutiwomapozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\pbutiwomapozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Windows\grjhvizwjxvfmdhvq.exe

grjhvizwjxvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe .

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Windows\anhhxmfetjjvexdtqpe.exe

anhhxmfetjjvexdtqpe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anhhxmfetjjvexdtqpe.exe*."

C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\pbutiwomapozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe

C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\zjaxkwmiuhentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\qfvocwsefqozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."

C:\Windows\grjhvizwjxvfmdhvq.exe

grjhvizwjxvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crnphytuldftezhzyzqfb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Windows\crnphytuldftezhzyzqfb.exe

crnphytuldftezhzyzqfb.exe .

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\crnphytuldftezhzyzqfb.exe*."

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe

C:\Windows\nbwxoeyyofgtdxevttjx.exe

nbwxoeyyofgtdxevttjx.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe .

C:\Windows\grjhvizwjxvfmdhvq.exe

grjhvizwjxvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\grjhvizwjxvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\pbutiwomapozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe

C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\zjaxkwmiuhentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\qfvocwsefqozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\qfvocwsefqozhzetpn.exe*."

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pbutiwomapozhzetpn.exe

C:\Windows\pbutiwomapozhzetpn.exe

pbutiwomapozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zjaxkwmiuhentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Windows\zjaxkwmiuhentjmz.exe

zjaxkwmiuhentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\zjaxkwmiuhentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe

C:\Windows\nbwxoeyyofgtdxevttjx.exe

nbwxoeyyofgtdxevttjx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pbutiwomapozhzetpn.exe .

C:\Windows\pbutiwomapozhzetpn.exe

pbutiwomapozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\pbutiwomapozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe .

C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe

C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anhhxmfetjjvexdtqpe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe

C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe .

C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe

C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\nbwxoeyyofgtdxevttjx.exe*."

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\qfvocwsefqozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crnphytuldftezhzyzqfb.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\crnphytuldftezhzyzqfb.exe

crnphytuldftezhzyzqfb.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crnphytuldftezhzyzqfb.exe .

C:\Windows\crnphytuldftezhzyzqfb.exe

crnphytuldftezhzyzqfb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\crnphytuldftezhzyzqfb.exe*."

C:\Windows\anhhxmfetjjvexdtqpe.exe

anhhxmfetjjvexdtqpe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe .

C:\Windows\grjhvizwjxvfmdhvq.exe

grjhvizwjxvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\grjhvizwjxvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\zjaxkwmiuhentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe

C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\pbutiwomapozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe

C:\Users\Admin\AppData\Local\Temp\bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\bricrmjwykjvexdtqpf.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dvokbyxmqeftezhzyzrjc.exe

C:\Windows\dvokbyxmqeftezhzyzrjc.exe

dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\bricrmjwykjvexdtqpf.exe*."

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe

C:\Users\Admin\AppData\Local\Temp\ofxsiecqtggtdxevttkb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\qfvocwsefqozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\qfvocwsefqozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anbsewqazientjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bricrmjwykjvexdtqpf.exe

bricrmjwykjvexdtqpf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe

C:\Users\Admin\AppData\Local\Temp\dvokbyxmqeftezhzyzrjc.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\dvokbyxmqeftezhzyzrjc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\anbsewqazientjmz.exe

anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe .

C:\Windows\ofxsiecqtggtdxevttkb.exe

ofxsiecqtggtdxevttkb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ofxsiecqtggtdxevttkb.exe*."

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hvkcpidooyvfmdhvq.exe*."

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hvkcpidooyvfmdhvq.exe .

C:\Windows\qfvocwsefqozhzetpn.exe

qfvocwsefqozhzetpn.exe .

C:\Windows\hvkcpidooyvfmdhvq.exe

hvkcpidooyvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ofxsiecqtggtdxevttkb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anbsewqazientjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bricrmjwykjvexdtqpf.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hvkcpidooyvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\qfvocwsefqozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qfvocwsefqozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anbsewqazientjmz.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
NL 142.251.31.191:80 www.blogger.com tcp
US 87.120.53.195:27941 tcp
DE 85.214.228.140:80 gyuuym.org tcp
SG 18.142.91.111:80 unxfuild.info tcp
BG 85.130.98.94:29528 tcp
BG 93.123.124.231:32816 tcp
MD 188.237.48.206:33202 tcp
US 8.8.8.8:53 giaiyiskou.org udp
US 104.156.155.94:80 cydlrge.info tcp
IT 31.13.210.127:39130 tcp
US 8.8.8.8:53 uzrekbzzxhoz.info udp
US 8.8.8.8:53 cddevqxvxax.info udp
ES 79.112.215.63:44453 tcp
US 8.8.8.8:53 oegaeoau.org udp
BR 187.38.91.147:19885 tcp
US 8.8.8.8:53 ykhiazzieia.net udp
US 8.8.8.8:53 mcsueepqltt.net udp
FR 130.180.214.117:21926 tcp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 fgefye.net udp
US 8.8.8.8:53 guygewecqo.com udp
US 88.216.2.72:38356 tcp
US 8.8.8.8:53 qcritmnmlwgk.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 fyhcouhsdje.com udp
MK 31.11.73.177:32437 tcp
US 8.8.8.8:53 gynkzsbmd.info udp
US 8.8.8.8:53 pvcgkd.net udp
US 8.8.8.8:53 fjaquf.net udp
US 8.8.8.8:53 jzthxr.net udp
BR 177.102.102.110:36937 tcp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 casucogiqsma.com udp
FR 130.180.214.117:21926 tcp
US 8.8.8.8:53 cscycugm.net udp
US 8.8.8.8:53 vqhydndl.info udp
LT 78.58.58.132:27706 tcp
US 8.8.8.8:53 xursjar.net udp
US 8.8.8.8:53 kutjbotdz.info udp
US 8.8.8.8:53 eqxijetqi.net udp
BG 151.252.195.88:28108 tcp
US 8.8.8.8:53 mjpfonuh.net udp
US 8.8.8.8:53 pxlqpo.info udp
US 8.8.8.8:53 lcrllcboc.info udp
MD 89.45.3.4:21098 tcp
US 8.8.8.8:53 pcrcnepxpovl.net udp
US 8.8.8.8:53 pwclvhkpxs.info udp
US 8.8.8.8:53 myjcyrq.info udp
DE 95.222.249.26:40036 tcp
US 8.8.8.8:53 guqmsk.com udp
US 8.8.8.8:53 xmjggax.com udp
RS 95.86.4.110:24189 tcp
US 8.8.8.8:53 zzwqbkmm.info udp
US 8.8.8.8:53 gpdmczd.net udp
US 8.8.8.8:53 hdnnowqfmqfv.info udp
US 8.8.8.8:53 jlanfvjd.net udp
US 8.8.8.8:53 kguszvsmxjjs.net udp
BG 85.130.3.90:36406 tcp
US 8.8.8.8:53 jaevanxjshlb.net udp
US 8.8.8.8:53 ymxxgov.info udp
US 8.8.8.8:53 ifemydpptl.net udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 tkrliy.net udp
US 8.8.8.8:53 zpfebavnjas.com udp
US 8.8.8.8:53 uafaxnf.net udp
US 8.8.8.8:53 hkzuehzublk.net udp
US 8.8.8.8:53 iwsehix.info udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 mekmgouiim.com udp
US 8.8.8.8:53 jbtudo.info udp
US 8.8.8.8:53 sjdandkop.info udp
US 8.8.8.8:53 gtylhqhg.net udp
US 8.8.8.8:53 tsvybadgji.net udp
US 8.8.8.8:53 yjfqrphjdu.info udp
US 8.8.8.8:53 zevfamxisaz.org udp
US 8.8.8.8:53 zefcprxdt.com udp
US 8.8.8.8:53 bfskahzr.net udp
US 8.8.8.8:53 xoqmmybge.info udp
US 8.8.8.8:53 ncsexuj.org udp
US 8.8.8.8:53 hwmpymnjfg.info udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 scsuisswquye.org udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 hmthxzzexz.net udp
US 8.8.8.8:53 miboaxrk.info udp
US 8.8.8.8:53 nbfxyiui.info udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 eepenyzwa.info udp
US 8.8.8.8:53 bsdddczxfg.net udp
US 8.8.8.8:53 kcvrva.info udp
US 8.8.8.8:53 xfsgmpi.info udp
US 8.8.8.8:53 hijtqj.info udp
US 8.8.8.8:53 myfwieuiduv.net udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 oawmkcqmim.org udp
US 8.8.8.8:53 djsdzb.info udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 ldlrgk.info udp
BG 77.76.172.6:38620 tcp
US 8.8.8.8:53 cedczqhe.net udp
US 8.8.8.8:53 ndnialpy.info udp
US 8.8.8.8:53 lejmbdgh.net udp
US 8.8.8.8:53 qymmgigqgmmy.com udp
US 8.8.8.8:53 dcynemlvinhx.net udp
US 8.8.8.8:53 issyeq.com udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 mqgotkyvydwd.net udp
US 8.8.8.8:53 tzgsxtz.com udp
US 8.8.8.8:53 qlqisbqm.info udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 ughmzwtcrmo.info udp
US 8.8.8.8:53 cgswma.info udp
US 8.8.8.8:53 ufqtbzkmvnav.net udp
US 8.8.8.8:53 xjndxmj.com udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 xvjslyqmk.net udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 oyboclfwi.net udp
US 8.8.8.8:53 aoehdvlgy.net udp
US 8.8.8.8:53 gohmnitogix.info udp
US 8.8.8.8:53 oxxtgggg.net udp
US 8.8.8.8:53 hdiyhkbkreb.com udp
US 8.8.8.8:53 hwxdacz.org udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 jhzhei.net udp
US 8.8.8.8:53 iykdabiu.info udp
US 8.8.8.8:53 adnymfvev.info udp

Files

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

MD5 54aeff0c4fd8fc2e88e767ac2b0ea55d
SHA1 cc71cb7d188f1bd86a2513ab51b7cf48f40a57ee
SHA256 eb41da70b4797f753d6aa4e320b88eee9936bdad9a2c5a0a4036e077303760d6
SHA512 d3ef262ec71e24a1f3d515332afe14a2bad30272fbadd5619363fcedcf53dfd7671aea8dd396a03935017235965581cfd2c1acd5d9437654e6d666d35dc31052

C:\Windows\SysWOW64\qfvocwsefqozhzetpn.exe

MD5 bad3aa8bfd42552d828c35c8202f43f6
SHA1 8e4baedd28bfa1b0cad3643a3dee24449a0a1df9
SHA256 395f67fccccbea1c99cb243f2ff7994bfc211a19b3e3b583be219265b060d828
SHA512 ec58caa9b81e0f590f38b2592fab525b2f1efd3ab7fe89009dfc6bf8cf35c713d487f2ae9038175545261e3071901ec82699e302b07159de0543727c8a430421

C:\Users\Admin\AppData\Local\Temp\dfiop.exe

MD5 315eda4cc67b7bf0cb8c0dfa1229f695
SHA1 268eb60b65fcfc3d27f81696fd75fd0f6ad61a1f
SHA256 49c05ff46b757ca5d32462a5812b523ceb3c3110f7be415b6194a9e996e4e1b3
SHA512 0fc2cad4c4678a0e2f0549f690fb6980fd8e6441dae5b6a1ed81f27f3a6cd2f092b3f2b650da4a6a35da54a4ff933d3da27ba5e7640c6df9631530b17de0f2fc

C:\Users\Admin\AppData\Local\vhukvmfomupxcrtfytfreufwpywezhmbdpidp.oep

MD5 b1003d4a1dd67a3664c0d197dfec91db
SHA1 78664d370202bc23f9a3ad9b97aeb0d918d3c5c6
SHA256 03f1f9ff236c433874a4fb62754982ef27168ed93db81178f222c7b7332f8b7b
SHA512 0e45a190d93893f9551e78563d1dd8619072c97a2ded5644ea241e04dbb67d30ead2387578afc769c1b6d9b1e1025c27321e232676f7b67263fb79f1d923c192

C:\Users\Admin\AppData\Local\uvxcciqobyifzduvdnoprwwcki.scz

MD5 7e3c95ff7b9b373611a9c770cd73104b
SHA1 25d6fa3ddf52ec877a0326beaeb23c4d26698109
SHA256 48aabdda7bf55bb32c21855025c725101efcf34b7b1b2bb0e390c686c4828d38
SHA512 694e76ebf72e0097ae08e32bf10876a4c9110e2665151352cef880374d062fabf100a48c62391385a4aa2e4baa1cd4e7af3617a882214d935fb60e3ae29f3e10

C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz

MD5 8b5eb976ea650e77765eddde0625893c
SHA1 9cf6cee48b22679a390ebee196b57a0a57c39d36
SHA256 bcd1f9fdfb365f86e0ef7dae33747219903865441e6bee4442d84dfedb130770
SHA512 621ecc2f2e36f688f7bbad0d4a7420ba7c2fc026647061e39fea1ed7a92fd6d227558706b55f34ed3c24cf75391e2d929e22f6e558ac33ec6bd8cf37771fe37a

C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz

MD5 75ad5867a995a77f89ca7b21da6cab34
SHA1 33593754bf74fccad326d70edbf1ec4a8f2aaeb0
SHA256 9c4b0d833451f431855a3282e273a7f4cfba77d02e10399edb8ce76c4fbdc02b
SHA512 085376350842d05c1e48d7fae223fa7b28cef4ad1d04a48648f3dd95d4f27d5758981b29185419f43f3e903ff8aa1292a0e934875bae96a18057cd387c3fc9a1

C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz

MD5 7b8769f6309bae52e3516b9cdfa62cdd
SHA1 cc1a120640f4d360156b83919e593e4a6435c218
SHA256 545a5aed356083c7d57934b1a7aa152ffc9e26c32fc97f36684905a98d7f7a69
SHA512 62fe62a0a29af33566ee1d989b5ee4c237f3ed83f66b0aa0e60128ff7c73df8d242d7054b2e93aeeb6cad94040a5883aa1b80466a41c9f9ab0beed64bbfd9edc

C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz

MD5 b6c4afbbed88bf6673d74e159a4c1e15
SHA1 b86c117cc6540ebc33c79ea810024ea9bddb9186
SHA256 936b126f487ec26a7944aed7fb6f117e565631a47e80af9f4a9b824c7815e381
SHA512 95e3f1da51d7f07fe2d422c99fa60be6382a5f3a45123b675b60e0de767f0dc3246e410e930d9a4790c5693a62bd0c623570bd8cd6880cdf38b3986cb801436f

C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz

MD5 21b98af547a1ae70e56ff4e16e6921d2
SHA1 d305447748e62921cbb73089ba2b250a03b3d141
SHA256 3a95ac2d0be65966588c0ff27a6628a6c7777d8b2233cf8a49adda66d2ef4977
SHA512 5edcd47a8a7a65df04f4683a1448946a495f2b0fbb37b5a6c1b3a4f892db55093a35f84ea70bce95dfc73846c28104bf7e2c4982b87f0e4ca0d3dbc8d65f61cb

C:\Program Files (x86)\uvxcciqobyifzduvdnoprwwcki.scz

MD5 a653210de949aafba5c091bccc054690
SHA1 c17db139ca9d4de68f41b7047c8cc826b399a28c
SHA256 75f89fd6a1e312b54e0bc6f151e145f061029a39e51c147abac9753570d06983
SHA512 b09d4125a8852b696585d8fb73e0d7f55e17fc65e058eb0235016cf581bb7e7a17ab8f91815f3a3bce3ad436ae2e10cea64e64382b3e724d1fe1d19fbc09ef9c